Thursday, June 11, 2015

U.S. Government Creates Critical Mass for HTTPS

The U.S. government is adopting HTTPS for all of its web sites. Government web pages will be secure web pages, so that intervening servers cannot track the specific data being exchanged between the web server and the web browser. A White House directive from last week says all federal government pages must convert to HTTPS by the end of this year. That degree of urgency says there is a security concern. The concern might be about the risk of someone spoofing a government agency web site in order to give out false information (such as a hurricane warning when there is no hurricane), or it could be a reaction to efforts by foreign governments to track the pages that citizens are reading. Regardless of the rationale, this widespread adoption will give HTTPS a new boost.

Twitter, Wikipedia, and Google Mail (among many others) switched to HTTPS two years ago because of security concerns, and those transitions had surprisingly little impact on users. Government sites that handle personal data, such as Social Security, have long used HTTPS to protect user privacy. The addition of all other government web sites to the HTTPS camp may create a critical mass that makes HTTPS seem just as normal as the more familiar HTTP.

It was uneven browser support that made the Web prefer HTTP to HTTPS a decade ago, but now fewer than 1 percent of Internet users are using the old browser software that does not consistently support HTTPS. Balancing security against inclusiveness, it may make sense for the whole Internet to switch to HTTPS soon. If that happens, whole categories of criminal endeavors will fall by the wayside.